Important update to the Zendesk DMARC policy

As of September 14, 2016, we made a change to Zendesk’s DMARC policy from p=”none” to p=”reject”. A DMARC reject policy tells the email receiver, “if you see an email from a domain, but the domain didn’t send it, please do not deliver it.” While this policy only has an impact on email receivers that perform DMARC validation on inbound emails, the list is growing and includes email providers such as Comcast, Google, Microsoft, AOL, and Yahoo.

This change helps to protect Zendesk’s customer subdomains from unauthorized use. It also stops delivery on what previously would have been considered authorized mail sent on behalf of Zendesk subdomains via non-Zendesk servers. Email sent on behalf of Zendesk subdomains to the receiver of the email will be rejected unless the email passes SPF or DKIM authentication checks.

We recognize that some legitimate senders will be challenged by this change and be forced to update how they send mail. However, this is an important change for protecting Zendesk’s reputation as an email sender and its customers’ reputations, as Zendesk sends emails on behalf of its 81,000 customers.

What should you do?
Regular use of Zendesk email, including email forwarding or use of the Gmail connector, is unaffected. This change will affect you if you have set up a mailing service or other tool to use one of your Zendesk addresses to send email.

For example, if you send an email newsletter to customers from support@company.zendesk.com using a tool other than Zendesk, and you want any responses to automatically create tickets in Zendesk, you will need to adjust your email settings to send on behalf of help@company.com and then forward the responses to support@company.zendesk.com.

Why this change?
We’ve made this change because we believe it is important. We don’t like to toot our own horn, but realize it can be helpful to hear what people in the DMARC community have to say about this change:

• From Steven M. Jones, Executive Chairman of DMARC.org: “Zendesk is taking a laudable step to secure the email communications of thousand of companies, and protect millions of their customers. I’m not sure there’s ever been a single deployment that would protect more companies than this.”
• From Tim Draegen, Chair of DMARC Working Group, IETF: “Zendesk’s roll out of DMARC across its huge customer-serving infrastructure really shows just how serious Zendesk is in protecting email communications. When someone signs up with Zendesk, a custom sub-domain of zendesk.com is provisioned for sending email on behalf of the customer. Securing so many actively used sub-domains to protect the entire Zendesk customer base has never been done before, and really proves the utility of DMARC and the ingenuity of Zendesk.”

Learn more about DMARC here. And thanks for working with us as we make email a safer and better experience for everyone!